The vCenter Server for Windows must limit the use of the built-in SSO administrative account.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-94733 | VCWN-65-000010 | SV-104563r1_rule | Medium |
| Description |
|---|
| Use of the SSO administrator account should be limited as it is a shared account and individual accounts must be used wherever possible. |
| STIG | Date |
|---|---|
| VMware vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide | 2020-03-27 |
Details
| Check Text ( C-93923r1_chk ) |
|---|
| Verify the built-in SSO administrator account is only used for emergencies and situations where it is the only option due to permissions. If the built-in SSO administrator account is used for daily operations or there is no policy restricting its use, this is a finding. |
| Fix Text (F-100851r1_fix) |
|---|
| A policy should be developed to limit the use of the built-in SSO administrator account. |